annotate ssl_session_reuse.t @ 1851:0351dee227a8

Tests: unbreak tests with dynamic certificates on stable. In 74cffa9d4c43, ticket based session reuse is enabled in addition to using a shared SSL session cache. This changed how a session can be resumed in a different server: - for a session ID based resumption, it is resumed in the same context - when using session tickets, a key name is also checked for matching - with a ticket callback, this is skipped in favor of callback's logic This makes 'session id context match' tests fail with session tickets on stable since ticket key names are unique in distinct SSL contexts. On the other hand, tests pass on 1.23.2+ due to automatic ticket keys rotation that installs ticket callback, and using a common shared SSL session cache.
author Sergey Kandaurov <pluknet@nginx.com>
date Tue, 28 Mar 2023 01:36:32 +0400
parents 8dec885fa3da
children cdcd75657e52
#!/usr/bin/perl

# (C) Andrey Zelenkov
# (C) Maxim Dounin
# (C) Nginx, Inc.

# Tests for http ssl module, session reuse.

###############################################################################

use warnings;
use strict;

use Test::More;

# Run from the directory that holds this script so that the relative
# 'lib' path below resolves.
BEGIN { use FindBin; chdir($FindBin::Bin); }

use lib 'lib';
use Test::Nginx;

###############################################################################

# Enable autoflush on both standard streams.  STDOUT is handled last, so it
# is the selected default handle afterwards.
for my $stream (\*STDERR, \*STDOUT) {
	select $stream;
	$| = 1;
}
# IO::Socket::SSL is the TLS client used by every check below.  Skip the
# whole file when the module cannot be loaded ...
eval { require IO::Socket::SSL; };
if ($@) {
	plan(skip_all => 'IO::Socket::SSL not installed');
}

# ... or when it does not provide the SSL_VERIFY_NONE constant.
eval { IO::Socket::SSL::SSL_VERIFY_NONE(); };
if ($@) {
	plan(skip_all => 'IO::Socket::SSL too old');
}

# Required nginx features and the openssl binary; eight assertions are
# planned (seven session reuse checks plus the final error.log check).
my $t = Test::Nginx->new()
	->has(qw/http http_ssl rewrite/)
	->has_daemon('openssl')
	->plan(8);
# nginx.conf for the test instance.  Every listener binds to 127.0.0.1 and
# uses the same certificate; the servers differ only in their session
# resumption settings:
#
#   8443  no session directives (defaults); also serves /protocol
#   8444  ssl_session_cache shared:SSL:1m, ssl_session_tickets on
#   8445  ssl_session_cache shared:SSL:1m, ssl_session_tickets off
#   8446  ssl_session_cache builtin,       ssl_session_tickets off
#   8447  ssl_session_cache builtin:1000,  ssl_session_tickets off
#   8448  ssl_session_cache none,          ssl_session_tickets off
#   8449  ssl_session_cache off,           ssl_session_tickets off
#
# "/" answers with "body $ssl_session_reused", which is what test_reuse()
# matches against.  The heredoc is single-quoted, so the nginx variables
# are not interpolated by Perl.
my $nginx_conf = <<'EOF';

%%TEST_GLOBALS%%

daemon off;

events {
}

http {
    %%TEST_GLOBALS_HTTP%%

    ssl_certificate_key localhost.key;
    ssl_certificate localhost.crt;

    server {
        listen 127.0.0.1:8443 ssl;
        server_name localhost;

        location / {
            return 200 "body $ssl_session_reused";
        }
        location /protocol {
            return 200 "body $ssl_protocol";
        }
    }

    server {
        listen 127.0.0.1:8444 ssl;
        server_name localhost;

        ssl_session_cache shared:SSL:1m;
        ssl_session_tickets on;

        location / {
            return 200 "body $ssl_session_reused";
        }
    }

    server {
        listen 127.0.0.1:8445 ssl;
        server_name localhost;

        ssl_session_cache shared:SSL:1m;
        ssl_session_tickets off;

        location / {
            return 200 "body $ssl_session_reused";
        }
    }

    server {
        listen 127.0.0.1:8446 ssl;
        server_name localhost;

        ssl_session_cache builtin;
        ssl_session_tickets off;

        location / {
            return 200 "body $ssl_session_reused";
        }
    }

    server {
        listen 127.0.0.1:8447 ssl;
        server_name localhost;

        ssl_session_cache builtin:1000;
        ssl_session_tickets off;

        location / {
            return 200 "body $ssl_session_reused";
        }
    }

    server {
        listen 127.0.0.1:8448 ssl;
        server_name localhost;

        ssl_session_cache none;
        ssl_session_tickets off;

        location / {
            return 200 "body $ssl_session_reused";
        }
    }

    server {
        listen 127.0.0.1:8449 ssl;
        server_name localhost;

        ssl_session_cache off;
        ssl_session_tickets off;

        location / {
            return 200 "body $ssl_session_reused";
        }
    }
}

EOF

$t->write_file_expand('nginx.conf', $nginx_conf);
# Minimal "openssl req" configuration for the throwaway test certificate:
# 2048-bit key, written to disk unencrypted (encrypt_key = no) so that nginx
# can load it without a passphrase, and an empty distinguished name section
# (the subject is given on the command line instead).
my $openssl_conf = <<EOF;
[ req ]
default_bits = 2048
encrypt_key = no
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
EOF

$t->write_file('openssl.conf', $openssl_conf);
my $d = $t->testdir();

# Create a self-signed certificate and key for each name, with the output
# of openssl appended to openssl.out in the test directory.
#
# NOTE(review): the command is one string, so it is run by the shell (the
# ">>" redirection depends on that) with $d and $name interpolated unquoted.
# $d comes from $t->testdir() and $name from the literal list below; neither
# is read from external input in this file.
# NOTE(review): $! is set by system() only when the command could not be
# started; when openssl itself exits non-zero the details are in openssl.out.
for my $name ('localhost') {
	my $cmd = 'openssl req -x509 -new '
		. "-config $d/openssl.conf -subj /CN=$name/ "
		. "-out $d/$name.crt -keyout $d/$name.key "
		. ">>$d/openssl.out 2>&1";

	if (system($cmd) != 0) {
		die "Can't create certificate for $name: $!\n";
	}
}

$t->run();

###############################################################################
# session reuse:
#
# - only tickets, the default
# - tickets and shared cache, should work always
# - only shared cache
# - only builtin cache
# - only builtin cache with explicitly configured size
# - only cache none
# - only cache off

TODO: {
	# Each "local $TODO = ... if ..." has to stay a statement modifier: an
	# if-block would end the scope of local before the assertions run.
	# test_tls13() is consulted only when the first condition holds.
	local $TODO = 'no TLSv1.3 sessions, old Net::SSLeay'
		if $Net::SSLeay::VERSION < 1.88 && test_tls13();
	local $TODO = 'no TLSv1.3 sessions, old IO::Socket::SSL'
		if $IO::Socket::SSL::VERSION < 2.061 && test_tls13();
	local $TODO = 'no TLSv1.3 sessions in LibreSSL'
		if $t->has_module('LibreSSL') && test_tls13();

	# Listeners on which session tickets are available.
	for my $case (
		[8443, 'tickets reused'],
		[8444, 'tickets and cache reused'],
	) {
		my ($port, $label) = @$case;
		is(test_reuse($port), 1, $label);
	}

	TODO: {
		local $TODO = 'no TLSv1.3 session cache in BoringSSL'
			if $t->has_module('BoringSSL') && test_tls13();

		# Listeners with tickets off: resumption relies on the
		# server-side session cache alone.
		for my $case (
			[8445, 'cache shared reused'],
			[8446, 'cache builtin reused'],
			[8447, 'cache builtin size reused'],
		) {
			my ($port, $label) = @$case;
			is(test_reuse($port), 1, $label);
		}

	}
}
# With the cache set to "none" or "off" and tickets disabled, the second
# connection must not be reported as resumed.
for my $case (
	[8448, 'cache none not reused'],
	[8449, 'cache off not reused'],
) {
	my ($port, $label) = @$case;
	is(test_reuse($port), 0, $label);
}

$t->stop();

# After shutdown the error log must not contain any [crit] entry: the check
# passes only when grep prints nothing (or a lone newline).
# NOTE(review): the command runs through the shell with the test directory
# interpolated into it, and grep also prints nothing when error.log cannot
# be read, in which case this assertion still passes.
my $log_dir = $t->testdir();
my $crit_lines = `grep -F '[crit]' $log_dir/error.log`;
like($crit_lines, qr/^$/s, 'no crit');

###############################################################################
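# Report whether the listener on port 8443 negotiates TLSv1.3 with this
# client, judged by the $ssl_protocol value served at /protocol.
#
# Returns a true value when the response contains "TLSv1.3", and a false
# value otherwise, including when no response was received.
sub test_tls13 {
	my $response = get('/protocol', 8443);

	# get() returns nothing when the connection could not be set up; bail
	# out instead of matching against undef, which warns under
	# "use warnings".
	return unless defined $response;

	# The dot is escaped so that only the literal "TLSv1.3" matches.
	return $response =~ /TLSv1\.3/;
}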
# Connect twice to the given listener using one shared client SSL context
# and report whether nginx saw the second connection as a resumed session.
#
# The first request only primes the client context with a session.  The
# second response body is "body r" when $ssl_session_reused says the
# session was resumed.
#
# Returns 1 when the session was reused, 0 otherwise.
sub test_reuse {
	my $port = shift;

	my $ctx = get_ssl_context();
	get('/', $port, $ctx);

	my $second = get('/', $port, $ctx);
	return 1 if $second =~ qr/^body r$/m;

	return 0;
}
# Fetch $uri over a fresh TLS connection to the listener on $port.
#
# $ctx is an optional client SSL context; passing the same context to
# several calls lets them share its session cache.
#
# Returns the response from http_get(), or nothing when the socket could
# not be created.
sub get {
	my ($uri, $port, $ctx) = @_;

	my $sock = get_ssl_socket($port, $ctx);
	return unless $sock;

	my $response = http_get($uri, socket => $sock);

	# One connection per request: close it before returning.
	$sock->close();

	return $response;
}
# Build a client-side SSL context that can be shared between connections.
#
# SSL_session_cache_size turns on the client session cache of the context,
# which is what lets a second connection offer a session for resumption.
#
# Certificate verification is switched off because the server certificate
# is the self-signed one generated by this script and every connection goes
# to 127.0.0.1.  The setting is specific to this test harness; a client
# that talks to real servers should keep verification on.
sub get_ssl_context {
	my @ctx_args = (
		SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
		SSL_session_cache_size => 100,
	);

	return IO::Socket::SSL::SSL_Context->new(@ctx_args);
}
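# Open a TLS connection to 127.0.0.1 on the test port mapped from $port.
#
# Parameters:
#   $port   - port number as used in nginx.conf, passed through port()
#   $ctx    - optional SSL context to reuse (see get_ssl_context())
#   %extra  - further IO::Socket::SSL->new() arguments; they come last in
#             the argument list, presumably so that they can override the
#             defaults set here (confirm against IO::Socket::SSL)
#
# Returns the socket object, or nothing (undef in scalar context) when the
# attempt died, e.g. on the 8 second timeout, on SIGPIPE, or on an SSL
# error raised through SSL_error_trap.  The reason is passed to log_in().
#
# Certificate verification is disabled: the peer is the local test nginx
# with a self-signed certificate.  Do not reuse this setting for clients
# that connect to real servers.
sub get_ssl_socket {
	my ($port, $ctx, %extra) = @_;
	my $sock;

	eval {
		local $SIG{ALRM} = sub { die "timeout\n" };
		local $SIG{PIPE} = sub { die "sigpipe\n" };
		alarm(8);
		$sock = IO::Socket::SSL->new(
			Proto => 'tcp',
			PeerAddr => '127.0.0.1',
			PeerPort => port($port),
			SSL_verify_mode => IO::Socket::SSL::SSL_VERIFY_NONE(),
			SSL_reuse_ctx => $ctx,
			SSL_error_trap => sub { die $_[1] },
			%extra
		);
		alarm(0);
	};
	# Cancel the timer again in case the eval block died before its own
	# alarm(0) was reached.
	alarm(0);

	if ($@) {
		log_in("died: $@");
		# Bare return: undef in scalar context, an empty list in list
		# context (instead of a one-element list holding undef).
		return;
	}

	return $sock;
}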
254 ###############################################################################